From f77def1e755711031c27dfee77fe7ffcc5fb8713 Mon Sep 17 00:00:00 2001
From: Sawjan Gurung <saw.jan.grg3e@gmail.com>
Date: Wed, 23 Nov 2022 17:20:37 +0545
Subject: [PATCH] [tests-only][full-ci] Add API tests for deleting groups
 (graph API) (#5076)

* add API tests for deleting groups

* add tests to expected failure

* fix php style

* update expected failure list

extend test

* merge scenarios

* bump core commit id

extend tests

descrive scenario

* use when step

* fix

Co-authored-by: Viktor Scharf <scharf.vi@gmail.com>
---
 .drone.env                                    |  2 +-
 ...ected-failures-localAPI-on-OCIS-storage.md |  8 ++
 .../features/apiGraph/deleteGroup.feature     | 84 +++++++++++++++++++
 .../features/bootstrap/GraphContext.php       | 46 ++++++++--
 4 files changed, 132 insertions(+), 8 deletions(-)
 create mode 100644 tests/acceptance/features/apiGraph/deleteGroup.feature

diff --git a/.drone.env b/.drone.env
index 8e34f8ae7..2fed6d8c2 100644
--- a/.drone.env
+++ b/.drone.env
@@ -1,5 +1,5 @@
 # The test runner source for API tests
-CORE_COMMITID=77907465a69d0e71566df580cc605e62f390b132
+CORE_COMMITID=3ea9a1d44df397a504ca7ed8eb8c8c59b5a16852
 CORE_BRANCH=master
 
 # The test runner source for UI tests
diff --git a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
index 76a9d44eb..79d3d1ec9 100644
--- a/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
+++ b/tests/acceptance/expected-failures-localAPI-on-OCIS-storage.md
@@ -52,3 +52,11 @@ The expected failures in this file are from features in the owncloud/ocis repo.
 ### [Settings service user can see roles list](https://github.com/owncloud/ocis/issues/5079)
 - [apiAccountsHashDifficulty/assignRole.feature:15](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L15)
 - [apiAccountsHashDifficulty/assignRole.feature:16](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiAccountsHashDifficulty/assignRole.feature#L16)
+
+### [Group having percentage (%) can be created but cannot be GET](https://github.com/owncloud/ocis/issues/5083)
+- [apiGraph/deleteGroup.feature:49](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L49)
+- [apiGraph/deleteGroup.feature:50](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L50)
+- [apiGraph/deleteGroup.feature:51](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L51)
+
+#### [Share lists deleted user as 'user'](https://github.com/owncloud/ocis/issues/903)
+- [apiGraph/deleteGroup.feature:62](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/apiGraph/deleteGroup.feature#L62)
diff --git a/tests/acceptance/features/apiGraph/deleteGroup.feature b/tests/acceptance/features/apiGraph/deleteGroup.feature
new file mode 100644
index 000000000..0fb377347
--- /dev/null
+++ b/tests/acceptance/features/apiGraph/deleteGroup.feature
@@ -0,0 +1,84 @@
+@api @skipOnOcV10
+Feature: delete groups
+  As an admin
+  I want to be able to delete groups
+  So that I can remove unnecessary groups
+
+  Background:
+    Given user "Alice" has been created with default attributes and without skeleton files
+    And the administrator has given "Alice" the role "Admin" using the settings api
+
+
+  Scenario Outline: admin user deletes a group
+    Given group "<group_id>" has been created
+    When user "Alice" deletes group "<group_id>" using the Graph API
+    Then the HTTP status code should be "204"
+    And group "<group_id>" should not exist
+    Examples:
+      | group_id            | comment                               |
+      | simplegroup         | nothing special here                  |
+      | España§àôœ€         | special European and other characters |
+      | नेपाली                | Unicode group name                    |
+      | brand-new-group     | dash                                  |
+      | the.group           | dot                                   |
+      | left,right          | comma                                 |
+      | 0                   | The "false" group                     |
+      | Finance (NP)        | Space and brackets                    |
+      | Admin&Finance       | Ampersand                             |
+      | admin:Pokhara@Nepal | Colon and @                           |
+      | maint+eng           | Plus sign                             |
+      | $x<=>[y*z^2]!       | Maths symbols                         |
+      | Mgmt\Middle         | Backslash                             |
+      | 😁 😂               | emoji                                 |
+      | maintenance#123     | Hash sign                             |
+      | 50%25=0             | %25 literal looks like an escaped "%" |
+      | staff?group         | Question mark                         |
+      | Mgmt/Sydney         | Slash (special escaping happens)      |
+      | Mgmt//NSW/Sydney    | Multiple slash                        |
+      | priv/subadmins/1    | Subadmins mentioned not at the end    |
+      | var/../etc          | using slash-dot-dot                   |
+
+  @issue-5083
+  Scenario Outline: admin user deletes a group having % (as only special char) in its name
+    Given group "<group_id>" has been created
+    When user "Alice" deletes group "<group_id>" using the Graph API
+    Then the HTTP status code should be "204"
+    And group "<group_id>" should not exist
+    Examples:
+      | group_id            | comment                                 |
+      | 50%pass             | Percent sign (special escaping happens) |
+      | 50%2Eagle           | %2E literal looks like an escaped "."   |
+      | 50%2Fix             | %2F literal looks like an escaped slash |
+
+
+  Scenario: normal user tries to delete a group
+    Given user "Brian" has been created with default attributes and without skeleton files
+    And group "new-group" has been created
+    When user "Brian" tries to delete group "new-group" using the Graph API
+    Then the HTTP status code should be "401"
+    And group "new-group" should exist
+
+  @issue-903
+  Scenario: deleted group should not be listed in the sharees list
+    Given group "grp1" has been created
+    And group "grp2" has been created
+    And user "Alice" has uploaded file with content "sample text" to "lorem.txt"
+    And user "Alice" has shared file "lorem.txt" with group "grp1"
+    And user "Alice" has shared file "lorem.txt" with group "grp2"
+    And group "grp1" has been deleted
+    When user "Alice" gets all the shares from the file "lorem.txt" using the sharing API
+    Then the HTTP status code should be "200"
+    And group "grp2" should be included in the response
+    But group "grp1" should not be included in the response
+
+
+  Scenario: user should not see share received via deleted group
+    Given user "Alice" has uploaded file with content "sample text" to "lorem.txt"
+    And user "Brian" has been created with default attributes and without skeleton files
+    And group "grp1" has been created
+    And user "Brian" has been added to group "grp1"
+    And user "Alice" has shared file "lorem.txt" with group "grp1"
+    And user "Brian" has accepted share "/lorem.txt" offered by user "Alice"
+    When user "Alice" deletes group "grp1" using the Graph API
+    Then the HTTP status code should be "204"
+    And user "Brian" should not have any received shares
diff --git a/tests/acceptance/features/bootstrap/GraphContext.php b/tests/acceptance/features/bootstrap/GraphContext.php
index 16d1d974d..afb3aaa2e 100644
--- a/tests/acceptance/features/bootstrap/GraphContext.php
+++ b/tests/acceptance/features/bootstrap/GraphContext.php
@@ -139,6 +139,28 @@ class GraphContext implements Context {
 		$this->featureContext->thenTheHTTPStatusCodeShouldBe(200);
 	}
 
+	/**
+	 * @param string $groupId
+	 * @param string|null $user
+	 *
+	 * @return ResponseInterface
+	 * @throws GuzzleException
+	 */
+	public function userDeletesGroupWithGroupId(
+		string $groupId,
+		?string $user = null
+	): ResponseInterface {
+		$credentials = $this->getAdminOrUserCredentials($user);
+
+		return GraphHelper::deleteGroup(
+			$this->featureContext->getBaseUrl(),
+			$this->featureContext->getStepLineRef(),
+			$credentials["username"],
+			$credentials["password"],
+			$groupId
+		);
+	}
+
 	/**
 	 * @param string $groupId
 	 * @param bool $checkResult
@@ -151,13 +173,7 @@ class GraphContext implements Context {
 		bool $checkResult = false
 	): void {
 		$this->featureContext->setResponse(
-			GraphHelper::deleteGroup(
-				$this->featureContext->getBaseUrl(),
-				$this->featureContext->getStepLineRef(),
-				$this->featureContext->getAdminUsername(),
-				$this->featureContext->getAdminPassword(),
-				$groupId
-			)
+			$this->userDeletesGroupWithGroupId($groupId)
 		);
 		if ($checkResult) {
 			$this->featureContext->thenTheHTTPStatusCodeShouldBe(204);
@@ -828,6 +844,22 @@ class GraphContext implements Context {
 		);
 	}
 
+	/**
+	 * @When user :user deletes group :group using the Graph API
+	 * @When the administrator deletes group :group using the Graph API
+	 * @When user :user tries to delete group :group using the Graph API
+	 *
+	 * @param string $group
+	 * @param string|null $user
+	 *
+	 * @return void
+	 */
+	public function userDeletesGroupUsingTheGraphApi(string $group, ?string $user): void {
+		$groupId = $this->featureContext->getAttributeOfCreatedGroup($group, "id");
+		$response = $this->userDeletesGroupWithGroupId($groupId, $user);
+		$this->featureContext->setResponse($response);
+	}
+  
 	/**
 	 * @Then the following users should be listed in the following groups
 	 *